John Gilmore On How The NSA Sabotaged A Key Security Standard

from the betrayal-of-trust dept

In Bruce Schneier's uplifting call to fix the Internet in the wake of key technologies being subverted by the US government, one of the things he asks engineers to do is to come forward with detailed information about how the NSA did that:

We need to know how exactly the NSA and other agencies are subverting routers, switches, the internet backbone, encryption technologies and cloud systems. I already have five stories from people like you, and I've just started collecting. I want 50. There's safety in numbers, and this form of civil disobedience is the moral thing to do.

Although not directly answering that call, EFF co-founder John Gilmore has written a fascinating short post about what he noticed happening on an IETF standards committee drawing up the important IPsec standard:

NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents

...

Every once in a while, someone not an NSA employee, but who had longstanding ties to NSA, would make a suggestion that reduced privacy or security, but which seemed to make sense when viewed by people who didn't know much about crypto.

...

The resulting standard was incredibly complicated -- so complex that every real cryptographer who tried to analyze it threw up their hands and said, "We can't even begin to evaluate its security unless you simplify it radically".

Needless to say, it was never simplified. Gilmore also reports what happened elsewhere:

In other circumstances I also found situations where NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!).

Of course, this remains at the anecdotal level. But if Schneier gets his 50 NSA stories, we should start to have a much clearer picture of what the agency has been up to -- and how to stop it happening in the future.

Follow me @glynmoody on Twitter or identi.ca, and on Google+



Reader Comments

  •  
    Anonymous Coward, Sep 9th, 2013 @ 2:28pm

    There is a simple solution to the problem:

    Kill them and take their stuff. 'Tis the Olde Viking way, and it seems apropos now.

     


  •  
    vastrightwing, Sep 9th, 2013 @ 2:34pm

    No sarcasm today

    I'm very concerned here. It now looks like we have to totally rebuild the entire security scheme for the internet. This means SSL certificates, VPNs, appliances, everything! This will be a long and difficult task because surely the new security model will have to be vetted by experts and where will these experts come from? Not from the NSA. Even the most rudimentary building block such as a random number generator will need to be touched. Since we all know by now the NSA turned even a random number generator into a back door, making all encryption techniques breakable with ease.

    As memos noted, citizens are the enemy here. So I say we MUST prevent all government agencies from influencing the design of any security infrastructure. They are immediately ineligible and suspect. The design must be elegant, simple to understand by a reasonable person with security knowledge. The source open so flaws can be detected and fixed. The design needs to be such that current technology would take years to brute force an attack. We don't want to rely on OEM libraries since they are also suspect. That is, not using standard or certified libraries, since certification means endorsed by the enemy. All appliances such as switches and routers, telephony, etc. all need the firmware re-written.

    Unfortunately we won't be told what encryption is safe, so we must assume none of it is. Further, we need to adopt an update strategy every few years and change the basic algorithm, even if it is strong, merely to ensure the current method has not been compromised.

     


    •  
      Bergman, Sep 9th, 2013 @ 3:42pm

      Re: No sarcasm today

      Unfortunately, right after they get excluded from the process as security risks, they'll go to Congress and get it made illegal to exclude them. And then the US will become a third world country as far as tech development is concerned.

       


      •  
        Bergman, Sep 9th, 2013 @ 3:44pm

        Re: Re: No sarcasm today

        And that's if we're lucky. If we're not, it will be a secret court issuing a secret injunction against excluding secret agents and nobody will know they're breaking the law even after people start disappearing into secret jails where national security trumps the right to due process.

         


    •  
      Hephaestus, Sep 9th, 2013 @ 4:59pm

      Re: No sarcasm today

      Please, it is not that complex. Run two levels of encryption, one that is trusted like we do now for web sites, and another underneath that is public-private key generated at both ends. It does not matter if they have hacked the routers, switches or even have the root certificates for the entire internet; at that point all they get is noise.

      http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
      http://en.wikipedia.org/wiki/Public-key_cryptography

       


      •  
        The Mighty Buzzard, Sep 10th, 2013 @ 1:08am

        Re: Re: No sarcasm today

        Most implementations of DH are compromised at the moment. Only the ones using elliptical curve algorithms are even in the running for secure.

         


  •  
    Anonymous Coward, Sep 9th, 2013 @ 4:37pm

    I hope this can be sorted out pretty quickly, or there will be no room left in the prisons to take all the criminals the NSA have made out of ordinary people. Perhaps a role reversal is in order?

     


  •  
    Qyiet, Sep 9th, 2013 @ 4:53pm

    Of FFS..

    So all the bullshit I went through to get my IPsec tunnels between different vendors working was just so the NSA could have an extra complex standard to slip vulnerabilities into.

    Talk about backwards engineering.

     


    •  
      Anonymous Coward, Sep 10th, 2013 @ 2:04am

      Re: Of FFS..

      It's worse, considering the crackers now know where to look in secure standards to break into, not just small enterprises, but big ones....y'know, like banks.

      Good job, NSA!

       


  •  
    Anonymous Coward, Sep 10th, 2013 @ 1:02am

    Next revelations in (redacted)

    Therefore by using only metadata we can now realize that also DNSSEC has been compromised by DOJ and DOD.

    Great job guys and gals...

     


  •  
    Mike Acker, Sep 10th, 2013 @ 4:42am

    Security starts at home

    there is no point in discussing encryption until the question of un-authorized programming is settled

    i don't think there is any point in discussing un-authorized programming unless we are using open-source software ( I'm using Linux/Mint )

    i tend to agree with Snowden -- nothing wrong with encryption that we have -- e.g. GnuPG -- implemented properly

    he means on a secure host, and don't use "123456" for your password

    the existing x.509 and CA structure is a mess: you are trusting everything your browser sends you -- and everything that mess has signed for

    the First Thing a computer user should do is generate his key pair . once that's done he is in a position to vet and sign certificates . he won't need to do many of these -- just those that need to be secured -- e.g. NewEgg, Amazon, Credit Union, TurboTax, -- anyplace money is involved. you don't need https on a blog site. but you DO need GnuPG on your e/mail

    Thunderbird/ENIGMAIL is one solution.

     


